1. Field of the Invention
The present invention relates to encrypted virtual terminal equipment which is resistant to security invasions, such as wiretapping or pretending to be a proper user, in a network environment in which a plurality of computers are connected.
2. Description of Related Arts
In recent distributed processing environments, a remote virtual terminal service (hereinafter abbreviated as TELNET) is widely utilized, which allows a remotely installed computer to be operated via a network as if it were directly connected.
On the other hand, it is a general trend that products are now developed through synergic work among specified organizations having highly reliable technology. Therefore, network applications that support such synergic work between these organizations, TELNET among them, are worthy of notice.
Nevertheless, since these network applications are based on an open architecture, it has been a problem of utmost importance that wiretapping and falsification are easily performed.
For this reason, the development of cryptographic techniques which enhance the degree of security in the field of network applications has been eagerly pursued.
A prior art encrypted virtual terminal device was designed to prevent an intruder's attack, such as wiretapping or the like, by encrypting a whole session including a password.
However, even if the session is encrypted, an improper user can wiretap a whole session passing through a network between an encrypted client and an encrypted server and record its contents. Thereafter, he can transmit the recorded data to the encrypted server, allowing him to pretend to be a proper user.
In this case, the false user or pretender cannot understand the content of the communication, but he may succeed in having the encrypted server accept the previously communicated content under the pretense of a proper communication. Further, since there is a good chance that the communicated content includes, for example, a file cancel command or the like, this is quite dangerous because data on a computer can be destroyed.
This is an active attack known as a replay attack. It is important for a network to prevent such an attack.
On the other hand, as a technology for preventing a false user from cryptanalyzing, a subscription broadcasting system is known which is provided with means for regularly broadcasting initialization data for the encryption device. A scramble communication system is also known which provides several kinds of random number patterns, any one of which is selected.
The above two technologies are concerned with broadcast systems which transmit information unidirectionally from a transmitting side to a receiving side. Data that initializes the encryption device is produced at the transmitting side and transmitted to the receiving side, to thereby prevent a cipher from being interpreted. These technologies cannot obstruct an attack based on the above-mentioned replay attack method.
As described above, an effective method of defending against the replay attack has never been known.
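The failure described above can be reproduced in a few lines. The following is an added example, not part of the original text: it models a session whose encryption device is initialized by data the transmitting side sends, and shows that recorded bytes are still accepted on replay. The SHA-256 keystream is a toy stand-in for the encryption device, and the key, session contents and function names are constructed for illustration.

```python
import hashlib
import os

KEY = b"constructed-shared-key"  # constructed sample key shared by client and server

def keystream(key, iv, n):
    """Toy keystream (SHA-256 in counter mode); stands in for the encryption device."""
    out, ctr = b"", 0
    while len(out) < n:
        out += hashlib.sha256(key + iv + ctr.to_bytes(4, "big")).digest()
        ctr += 1
    return out[:n]

def xor_crypt(key, iv, data):
    """Encrypt or decrypt by XOR with the keystream (the operation is symmetric)."""
    return bytes(a ^ b for a, b in zip(data, keystream(key, iv, len(data))))

def client_send(key, plaintext, iv=None):
    """Transmitting side chooses the initialization data and sends it ahead of the ciphertext."""
    iv = os.urandom(16) if iv is None else iv
    return iv + xor_crypt(key, iv, plaintext)

def server_receive(key, wire):
    """Receiving side initializes its cipher from whatever arrives on the wire."""
    iv, body = wire[:16], wire[16:]
    return xor_crypt(key, iv, body)

def demo():
    # Constructed session, including a file-deleting command as in the text above.
    session = b"login alice\nsecret-pw\nrm report.txt\n"
    fixed_iv = bytes(16)

    # Case 1: whole session encrypted with fixed initialization.
    fixed_a = client_send(KEY, session, fixed_iv)
    fixed_b = client_send(KEY, session, fixed_iv)

    # Case 2: fresh initialization data per session, chosen by the sender.
    fresh_a = client_send(KEY, session)
    fresh_b = client_send(KEY, session)

    recorded = fresh_a  # bytes captured from the network during session A
    return {
        "fixed_sessions_identical": fixed_a == fixed_b,
        "fresh_sessions_differ": fresh_a != fresh_b,
        "plaintext_visible_on_wire": session in recorded,
        "replay_of_fixed_accepted": server_receive(KEY, fixed_a) == session,
        "replay_of_fresh_accepted": server_receive(KEY, recorded) == session,
    }

if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

Fresh initialization data makes two sessions look different on the wire, which hinders cryptanalysis, but because it travels with the recorded bytes the receiving side has no way to tell a replayed session from a live one.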